Government Documents and Resources

Chapter 8 discussed several laws, chief among them HIPAA, Sarbanes-Oxley, and the European Community's e-Privacy acts. All these laws are available online. U.S. Laws such as HIPAA and Sarbanes-Oxley are available at www.thomas.loc.gov. Maintained by the U.S. Library of Congress, this site contains all pending and past U.S. legislation. The site is named for Thomas Jefferson, U.S. patriot, president, and principal author of the Declaration of Independence. Other U.S. regulations and initiatives regarding data protection are available at the web sites of the Federal Emergency Management Agency (www.fema.gov); the Government Accountability Office (www.gao.gov); the Securities and Exchange Commission (www.sec.gov); and the Comptroller of the Currency (www.occ.treas.gov), which is part of the Department of the Treasury.

Laws and regulations of the European Union and European Community are available at the European Union's web site at www.europa.eu.int. Another interesting regulation that pertains to information assurance is "Directive 2000/31/EC: on certain legal aspects of information society services, in particular electronic commerce, in the Internal Market." Individual countries in the EU also have laws pertaining to data protection and information assurance online. The U.K. Data Protection Act of 1998 is available at the UnIted Kingdom's Office of Public Sector Information (http://www.opsi.gov.uk/acts/acts1998/19980029.htm). Other countries also maintain web sites with information about data protection issues. The Canadian government's analysis of the effects of the terrorist attacks of September 11, 2001, on critical infrastructure (Document IA02-001) is a must-read for all those who are involved in data protection and disaster planning.

Finally, information on the Basel Accords and the Basel Accords II is available at the web site of the International Bank of Settlements (www.bis.org). The consultative document titled "The compliance function in banks" provides food for thought for those in the banking industry as they look at how information management and regulatory compliance interact.